firewalld_service_control:
  service.dead:
    - name: firewalld
    - enable: False  # 确保开机不自动启动
